How (not) to implement secure digital identity - case study of Poland's Digital ID system
Digital identity solutions are on the rise in many countries. Is your identity card stored on your mobile phone in a safe and secure manner? What risks do digital identity solutions pose, and how easily can criminals exploit them? What to look out for when implementing and using a digital identity system implemented in your country? During my talk I will: analyse security of digital ID systems based on Poland's latest digital ID solution; show how a digital ID system can be used to hijack your identity; showcase critical vulnerabilities in a system storing sensitive information of millions of Polish citizens, and; give tips on how to maintain security when implementing digital ID systems. After this talk, the audience will understand the risks associated with national digital ID systems. They will also know what to look out for when using, implementing or testing such systems.
Presented at Security Fest 2024.
Speaker: Szymon ChadamAbout Szymon Chadam
IT Security Consultant at SecuRing. His key responsibilities are web and mobile application security testing. Throughout his career, Szymon has performed numerous penetration tests of critical infrastructure for a wide range of industries, such as banking, financial services, medical technologies, and telecommunications sectors. His main area of interest and expertise is Android application security. Occasional bug bounty hunter and university lecturer.
